From TechNet Edge: 

Nic Sagez gives us a brief into to Stirling and then gives a screencast demo of a security compromise within an organization which has a Forefront Stirling infrastructure.  The breakdown of the scenario is as follows:

• User "Don" browses to a phishing site and installs a program
• Hacker gains control of the client machine, disables Forefront Client Security (FCS) and User Account Control, sends a piece of malware using Don's email account
• We (an administrator) access the main Stirling Console and view the Security Assessment summary report.  We can see TMG detected the port scan and the automatic action and alert was taken.
• We refresh the console again and see Stirling has reported the user has been compromised and another action happens automatically.
• 08:36 - We go back to the main console and then to the client to show how NAP remediated the client by turning back on FCS.
• 09:30 - We go back to the main console and see the security checks summary report and drill down into granular information about the client's vulnerability.  Directly from the console, we are able to turn back on UAC

After the scenario-relevant part of the screencast is complete, we also see:

• 11:19 - Create a security policy in the Stirling management console using things such as NAP, Internet Explorer, and Exchange.
• 15:25 - Bind this policy with target groups
• 15:53 - Show an enterprise security report generated by Stirling